CVE-2019-18659

Name of the Vulnerable Software and Affected Versions LTE phones (affected versions not specified)

Description The issue concerns the Wireless Emergency Alerts (WEA) protocol, which lacks cryptographic authentication, allowing remote attackers to spoof a Presidential Alert. This can be demonstrated by MessageIdentifier 4370 in LTE System Information Block 12 (aka SIB12). Testing has suggested that all LTE phones are affected by design, regardless of the operating system used, such as Android or iOS.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.